Jackpotting Simulation – ATM Red Team for major Financial Institution
Objective
Replicate modern black-box / hybrid jackpotting tactics on NCR & Diebold ATMs in customer’s lab.
Toolset & Method
- €50 hardware kit: Raspberry Pi Zero W, USB hub, crocodile clips, cordless drill.
- HID attack: cut keypad USB, insert Pi → emulates keyboard and NIC.
- PowerShell loader pulls XFS custom utilities + custom payload, commands cash dispenser.
- DNS covert channel validated exfil in “air-gapped” mode.
Outcome
Metric | Result |
---|---|
Cash-out | Success – full dispenser control |
Detection | No AV / EDR alerts |
Time on device | < 5 min per ATM |
Findings | 5 critical (USB HID, admin account, DNS tunneling, app whitelisting, DoS bug) |
Recommendations
USB-HID whitelisting, AppLocker/WDAC, non-privileged service accounts, DNS egress filtering.
(Detailed report available to client)
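
For the DNS tunneling finding and the DNS egress filtering recommendation above, here is a defender-side sketch that is an added example, not code from the engagement or the report: a Python heuristic over resolver logs from the ATM segment. The log layout, resolver address, domains and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Assumed values for this sketch: resolver address, thresholds, log layout.
ALLOWED_RESOLVERS = {"10.20.0.53"}
MIN_UNIQUE = 4       # distinct subdomains per (host, zone) before scoring
MIN_ENTROPY = 3.5    # mean bits/char; encoded data sits well above hostnames

# Constructed resolver log: "<time> <atm_ip> <resolver_ip> <qname>"
SAMPLE_LOG = """\
09:00:01 10.20.1.11 10.20.0.53 www.vendor.example
09:00:02 10.20.1.11 10.20.0.53 update.vendor.example
09:00:03 10.20.1.11 10.20.0.53 time.vendor.example
09:00:04 10.20.1.11 10.20.0.53 ocsp.vendor.example
09:01:10 10.20.1.12 10.20.0.53 k7q2mzx4wa6ytb3oihd5fngc.zone-b.example
09:01:11 10.20.1.12 10.20.0.53 p3vj6rle2uq7sxk4ybw5toam.zone-b.example
09:01:12 10.20.1.12 10.20.0.53 h5cz2gnd7fwi4eqm3xbu6krs.zone-b.example
09:01:13 10.20.1.12 10.20.0.53 t6ob4yj3lap7ev2mhq5xcwzn.zone-b.example
09:02:00 10.20.1.13 198.51.100.53 www.vendor.example
""".splitlines()

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_zone(qname):
    """Naive split into (zone, subdomain): zone = last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), "".join(labels[:-2])

def analyze(lines):
    findings, seen = set(), defaultdict(set)
    for line in lines:
        _ts, src, resolver, qname = line.split()
        if resolver not in ALLOWED_RESOLVERS:      # egress-filter violation
            findings.add((src, "unapproved-resolver", resolver))
        zone, sub = split_zone(qname)
        if sub:
            seen[(src, zone)].add(sub)
    for (src, zone), subs in seen.items():
        mean_h = sum(entropy(s) for s in subs) / len(subs)
        if len(subs) >= MIN_UNIQUE and mean_h >= MIN_ENTROPY:
            findings.add((src, "tunnel-suspect", zone))
    return sorted(findings)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The first host issues as many distinct queries as the second but is not flagged, because ordinary hostnames score far below the entropy threshold; a public-suffix list should replace the two-label zone split outside a lab.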